Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / August 2006

Tip: Looking for answers? Try searching our database.

SHA Message Digest Algo not supported by IBM JDK

Thread view: 
Enable EMail AlertsStart New Thread
Raga - 31 Jul 2006 09:56 GMT
Hi,

When I run an application with IBM's JDK, am getting the following
exception:
"java.lang.SecurityException: SHA MessageDigest not available"

Any idea on how to create support for this Message Digest algo? One way
is to use provider, I guess. But I don't know how to use a provider &
where to get it from. Any suggestions/thoughts?

Thanks.
Reply to this Message
Mike Amling - 31 Jul 2006 18:28 GMT
> Hi,
>
[quoted text clipped - 5 lines]
> is to use provider, I guess. But I don't know how to use a provider &
> where to get it from. Any suggestions/thoughts?

  Just plain old SHA, the predecessor of SHA-1? It's not secure. Try
MessageDigest.getInstance("SHA1").

--Mike Amling
Reply to this Message
Raga - 01 Aug 2006 07:24 GMT
Hi Mike,

In my code, nowhere am using Message Digest algorithm explicitly. Looks
like JDK's classes are internally using the algorithm. See the stack
trace:

java.lang.SecurityException: SHA MessageDigest not available
       at sun.rmi.server.Util.computeMethodHash(Util.java:378)
       at
sun.rmi.server.UnicastServerRef$HashToMethod_Maps.createMap(UnicastServerRef.java:544)
       at
sun.rmi.server.WeakClassHashMap.getMap(WeakClassHashMap.java:71)
       at
sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:196)
       at
java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:306)
       at
java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:248)
       at
java.rmi.server.UnicastRemoteObject.<init>(UnicastRemoteObject.java:146)
       at
java.rmi.server.UnicastRemoteObject.<init>(UnicastRemoteObject.java:132)
       at core.Engine.<init>(Unknown Source)

the class Engine, in my code, imports java's RMI package, & the RMI
package seems to internally call/use SHA message digest algorithm.

Regards,
Raga

> > Hi,
> >
[quoted text clipped - 10 lines]
>
> --Mike Amling
Reply to this Message
Mike Amling - 01 Aug 2006 16:03 GMT
> Hi Mike,
>
[quoted text clipped - 22 lines]
> the class Engine, in my code, imports java's RMI package, & the RMI
> package seems to internally call/use SHA message digest algorithm.

  So, when using the IBM JVM, if you invoke
MessageDigest.getInstance("SHA1") and MessageDigest.getInstance("SHA")
in your own code does the former work and the latter throw a
SecurityException?
  If so, then I think the real problem is that
sun.rmi.server.Util.computeMethodHash should be asking for SHA1 if
that's what it wants and not SHA which is not what it wants. However the
only workaround I can think of is to supply a Provider.

--Mike Amling
Reply to this Message
Raga - 02 Aug 2006 13:53 GMT
Thanks Mike! I used Bouncy Castle's JCE/provider solution & it worked!

> > Hi Mike,
> >
[quoted text clipped - 33 lines]
>
> --Mike Amling
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.